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About Infoblox 


Infoblox is a global leader in automated network control innovation. 
They enable more than 5,000 end customers to create dynamic networks; 
address rapid growth in network devices and connected applications; 
manage complex networks efficiently; and capture more fully the value 
of virtualization and cloud computing. Recognized as market leading 
by analyst firms, including Forrester, Gartner, and IDC, their easy-to-use 
solutions give customers the power to accelerate new service rollouts 
while increasing application availability and reducing costs. 


Their purpose-built physical and virtual appliances tightly integrate real- 
time automated IP address management (IPAM) with network control, 
reporting, configuration and change capabilities. The appliances mesh 
to form a unified fabric, which is self-healing when problems arise, 
self-organized to grow smoothly as the network evolves, and continuously 
synchronized to provide uniform services throughout the network. 
Compliance maintenance, one-click audit data, third-party integration, 
and a single view GUI make automated network control a key to cost- 
containment. Infoblox distributes its products in more than 40 countries 
worldwide and is headquartered in Santa Clara, Calif. 
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Chapter 1 
Routing around |Pv6 Basics 





In This Chapter 
Getting the most out of this book 
Comparing IPv4 and IPv6 
Understanding the need for IPv6 


Pvé6 stands for Internet Protocol version 6, something that 

is about to impact everyone who uses the Internet. This 
book will help you understand what IPV6 is, why it’s neces- 
sary, what it does, and how it will impact you and your 
organization. 


So, what is the Internet Protocol? It’s a set of international 
communications rules that specifies the way small packets 
of data are routed across networks. Each data packet con- 
tains the two numeric addresses of its origin and destination 
devices. 


IPv6, or Internet Protocol version 6, is the newest way that 
Internet devices talk to each other by specifying the two key 
addresses: where the data packet comes from and where is it 
going. IPv6 is the successor to Internet Protocol version 4 or 
IPv4. (Yeah, they skipped IPv5 for reasons that are unimport- 
ant, so just roll with it.) 


Why IPv6? The main impetus behind the move to IPv6 is to 
remedy the IPv4 address exhaustion problem. The explosive 
growth of the Internet since 1981 has exceeded the address 
capacity available in IPv4. 


These materials are the copyright of John Wiley & Sons, Inc. and any 
dissemination, distribution, or unauthorized use is strictly prohibited. 


2 IPv6 For Dummies, Infoblox Special Edition 


Understanding IPv6 is important because migrating your 
organization to IPv6 is no trivial task. Aside from knowing 
what’s going on under the hood, you're going to want insight 
on methodology, device selection, and testing. This book will 
help. 


About This Book 


This book is designed to assist network specialists with the 
processes involved in implementing IPv6 on their systems. 
Included are facts about the IPv6 addressing system, details 
about getting ready to make the change, and some sugges- 
tions for getting started. We assume you have some knowl- 
edge of contemporary networks and the Internet. This book 
was written with and for Infoblox. 


Ieons Used in This Book 


This book contains four icons helpful in identifying informa- 
tion of special interest. To get the most out of this book, pay 
attention to the paragraphs with these icons. 


Give particular attention to this material. 


This icon indicates technical information that may or may not 
interest you, but it’s there if you want to learn it. 


These paragraphs point out special tricks or techniques you 
can use to do something faster or with greater ease. 


Watch out! When you see this icon, read the information sev- 
eral times to keep yourself out of trouble. 
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Introducing I1Pv6 


Internet Protocol version 6 is the next addressing system 

for Internet-connected devices. The explosive growth of the 
Internet has exceeded the capacity of the 30-year-old stan- 
dard, known as IPv4, to handle all the network tools, websites, 
cell phones, and other devices that need unique addresses 
out in the Wild Wild Web. IPv4 has been a very successful 
standard with impressive durability. Not much else on the 
Internet has lasted 30 years unchanged, so they must have 
gotten a few things right when they designed it. However, the 
massive growth in the number and types of devices that use 
an Internet address has finally made a change necessary. IPv6 
is that change. 


rt STux, IPv4 uses a 32-bit address, usually expressed as a group of 

ny ict four address numbers from 0 to 255, which made around 

y 7 4.3 billion addresses available. The vast majority of these 
addresses have already been assigned to Internet service 
providers. IPv6’s 128-bit address provides for many times that 
amount of addresses. To be exact, IPv6 will supply 2!*8 or 340 
undecillion or 3.4x10°° addresses! 


Defining 1Pv6 


The 128-bit address in IPv6 is the most obvious differ- 

ence from IPv4. Besides expanding the number of available 
addresses, IPv6 also has a new packet format that cuts down 
on packet header processing by routers, thereby increasing 
efficiency. 


The IPv6 packet in Figure 1-1 is made up of two parts: the 
packet header and the payload. 
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Traffic Class Flow Label 


Payload Length Hop Limit 


Source Address 


Destination Address 


Figure 1-1: The IPv6 packet format. 


The header consists of a portion with basic data required for 
all packets (and may contain optional extensions for special 
features). The header occupies the first 40 octets (320 bits) 
of the IPv6 packet, and contains the source and destination 
addresses, traffic classification options, a hop counter, and 

a pointer for extension headers, if any. You will also find the 
“Next Header” field, which points to the upper-layer protocol 
that is carried in the packet’s payload. 


The payload can have a size of up to 64 kilobytes without spe- 
cial options, or can be larger with a Jumbo Payload Option in 
a “Hop-by-Hop Options” extension header. IPv6 jumbograms 
can be as large as 2°* — 1 octet, and their use may improve 
performance over high-MTU links. 


Getting Some Statistics 


Want proof that IPv6 is necessary? Check out these factoids. 


Internet World Statistics tells us there were 1.25 billion 
Internet users and 1 billion Internet connections at the start 
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of 2008. In dramatic contrast, projections for 2012 predict 2.5 
billion Internet users and more than 5 billion connections. A 

major component of the growth in addresses is the prolifera- 
tion of mobile phones and tablets, each of which has at least 
one address (and oftentimes more than one). 


geben Those projected 5 billion connections already outstrip the 
4.3 billion addresses provided by IPv4. The resulting shortage 

Cy can be partially overcome by Network Address Translation 
(NAT) — but not completely. 


Solving Tomorrow's 
Problems Today 


Although the last batches of IPv4 addresses have already gone 
out for assignment, folks are still getting along just fine with- 
out IPv6 right now in 2012. However, at the rate of increase of 
addressable devices, that will not remain true for very long. 


Creating a globally unique system of addressing in which 
every device has an address all its own without having to 
depend on a NAT server will result in dramatic changes in 
today’s networks — and may prove essential on tomorrow’s 
networks. 


Breaking down the New 
Address Format 


IPv6 has an impressive list of features, the main one being its 
128-bit address space. By contrast, IPv4, the current system, 
is only 32 bits. The 128-bit address is most commonly broken 
up into two parts: a 64-bit network prefix and a 64-bit unique 
interface identifier. The address is written in eight groups of 
four hexadecimal digits separated by colons. This compara- 
tively monstrous address can be abbreviated as shown in 
Figure 1-2 by either omitting the leading zeros or replacing 
groups of four zeros with a double colon. 
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An |Pv6 address (in hexadecimal) 


2001:0DB8:AC10:FE01:0000:0000:0000:0000: 


{$b § 
2001:DB8:AC10:FEO1:; 2975 ¢an be omitted 


0010000000000001:0000110110111000:1010110000010000:1111111000000001: 


0000000000000000:0000000000000000:0000000000000000:0000000000000000: 
Figure 1-2: Decomposition of an IPv6 address into its binary form. 


The packet header and the process of packet forwarding have 


* 
1G} been greatly simplified in IPv6, making packet processing by 
y \7 routers considerably more efficient despite the doubling of 


the size of the packet header. The longer addresses simplify 
the allocation of addresses, enable efficient route aggregation, 
and permit implementation of special addressing features. 
The standard size of a subnet in IPv6 is 2°4 addresses, the 
square of the size of the entire IPv4 address space. Thus, 
actual address space utilization rates are small in IPv6, but 
the large subnet space and hierarchical route aggregation 
improve network management and routing efficiency. 


Discovering Other 1Pv6 Features 


The new address format brings a whole host of new features, 
both potential and realized, including the following: 


Integrated network security. IPsec is a mandated, baked- 
in part of the protocol. 


Simplified address assignment. Fixing the size of the 
host identifier portion of an address to 64 bits has stan- 
dardized the IPv6 subnet size, and automatically forms 
the host identifier from link layer media addressing 
information. 


Easier network renumbering. Changing the prefix 
announced by a few routers can renumber an entire 
existing network for a new connectivity provider because 
the host identifiers can be independently self-configured 
by a host. 
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/ Elimination of the need for NAT. Network Address 
Translation was created and implemented specifically 
to deal with the shortage of IPv4 addresses. 


Integrated multicasting. Also supported in the new pro- 
tocol are new multicast solutions, including embedding 
rendezvous point addresses in an IPv6 multicast group 
address, which may simplify the deployment of inter- 
domain multicast solutions. 


1Pv6 Adoption Basics 


To help give you a big picture take on migrating to IPv6, here’s 
a short overview of the major steps involved in the process. 


IPv6 is on its way because the Internet is running out of 
addresses, and try as you might, you simply can’t avoid 
adoption. 


If you haven’t started your cutover process yet, you’re in 
good company, but don’t put off planning your adoption much 
longer. Governmental agencies are already adopting IPv6 by 
mandate, and your partners and others are very likely doing 
so as well, which means that communicating with any of them 
will become increasingly difficult if you don’t adopt. 


To develop a comprehensive adoption plan, follow these 
steps: 


1. Create a planning group. You need representatives 
from all branches of your organization, and they 
should help set realistic expectations for their indi- 
vidual departments. 


2. Decide who needs adoption the most. You should 
adopt in phases, starting with the most independent 
sector of your organization, and work out the bugs in 
one place before moving on to the next. 


3. Choose technology. You can examine a variety of tran- 
sition technologies to determine which one or which 
combination is right for your organization, including 
tunneling (automatic, configured, or automated), 
dual-stack, and translation. 
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4. Look at what you have. You should determine what 
equipment and software is already IPv6-ready, what 
needs upgrading or updating, and what needs to be 
replaced. 


5. Find help. You can get help from vendors and from 
IPv6 specialists, such as Infoblox, whose vast set of 
migration resources are available to assist you with 
adoption questions. 


Don’t lose sight of the fact that the greatest impact of IPv6 
adoption will be at the network infrastructure level, although 
anything connected to IT, whether virtual or physical, will be 
affected. 
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Getting Ready to Change 


In This Chapter 


Impacting enterprise with IPv6 





Getting the band together 
Making a to-do list 


( hanging a transport protocol should not be undertaken 

lightly, regardless of the size of your organization. Some 
planning has to take place, the more focused and thought out 
the better — so this chapter is geared to helping you plan 
your planning. 


How Is Implementing IPv6 
Going to Affect Me? 


Visibly, the way you use the Internet won’t change at all. Your 
web browsers will look the same, your e-mail will look the 
same, and your file transfers will look the same. 


The difference is under the hood, at the network layer. If 
you're in charge of providing service, troubleshooting prob- 
lems or helping people troubleshoot problems, installing 
network equipment, managing those who worry about net- 
works, or writing programs that use the network, you'll need 
to understand the basics because the change to IPv6 will have 
significant impact on these functions. 
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Laying Out the Business Case 


Imagine if the electric grid changed from AC to DC, and the 
electric utility ran a second set of lines to your business. You 
could run both services for a while, but eventually, one by 
one, the stations providing AC power would be turned off 
until there was no more AC power being provided at all, and 
the only service you'd be able to run would be DC. 


That is exactly what is happening with Internet protocols. 
IPv6 and IPv4 are mutually exclusive. Although they run over 
the same lines, the computers and routers that speak IPv6 are 
not able to communicate with devices that speak IPv4. 


So the business case for IPv6 is that, eventually, the only new 
routers you'll be able to buy will be IPv6 routers. If you have 
an IPv4 network, one day in the not-distant future you won’t 
find parts available anymore. 


More alarming will be the fact that as government, business, 
and consumer networks change from IPv4 to IPv6 — and gov- 
ernment is already under a conversion mandate — there will 
be no one left to talk to. Why not? An IPv6 machine doesn’t 
send packets that are understandable by an IPv4 device. 


Setting Up the Team 


ar 


Migrating from IPv4 to IPv6 is a team effort — and we don’t 
mean just the IT department. It takes a village to make this 
change, and communication is key. Someone from every 
major branch at your organization should be involved to 
create a comprehensive team. 


Make sure the team composition is cross-functional, and lay 
out demonstration events and pilot programs so that when 
full cutover occurs and deployment is company-wide, you 
have worked out the kinks and troubleshot all the problems 
with all divisions in the company. 


Don’t underestimate a vendor presence. Your normal network 
provider, Internet service provider, or a migration specialist 
(like Infoblox) can be crucial to getting answers to questions 
and to achieving success with your IPv6 adoption. 
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Building an IPv6 Address Plan 


Once a team is together, you need to set expectations. The 
best way to do this is to ask your group some pertinent lead- 
ing questions, such as these: 


What IPv6 strategy will we implement? 
How will we continue to support IPv4? 


What will the effects of cutover be on our network 
infrastructure? 


What parts of our existing infrastructure can we reuse? 
What upgrades and replacements will be necessary? 
/ Where will IPv6 integration begin in our organization? 
How should we initiate IPv6 integration? 


What services will we designate as pilot programs and in 
what order? 


What resources can we call upon for assistance with 
planning and executing cutover? 


How will our branch facilities and data centers be 
affected? 


Can we make the cutover invisible to customers? 


The answers your team provides to these questions will serve 
as good, solid, foundational material for team members to 
take back to their individual departments for setting realistic 
expectations. Knowing what to expect as the cutover pro- 
ceeds is key to heading off troubles. So take the time to get 
the answers to these fundamental, key questions right. 


Figuring Out What’s Ready Now 


A major part of your IPv6 plan will be defining the list of 
things that need to be updated, altered, or outright replaced. 
In many ways, this IPv6 changeover is reminiscent of the Y2K 
event. Some devices have been [Pv6-ready all along, and you 
need to do nothing (or nearly nothing). Some will need config- 
uration changes. Some will need new software. Some will have 
to be sent to the recycler. 
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aX Your team will have to look at every device that touches the 
network and make a determination as to its readiness. The 
process sounds daunting, but if done systematically, it can go 
smoothly. Here are some general guidelines that will make the 
task easier: 


¥ Compatibility with IPv6 networking is mainly a software 
or firmware issue. 


Much of the older hardware that could be upgraded 
should probably be replaced instead. 


The American Registry for Internet Numbers (ARIN) sug- 
gests that all Internet servers be prepared to serve IPv6- 
only clients by January 2012. (This doesn’t mean that the 
servers themselves will be IPv6-only — just that they can 
serve requests from IPv6-only clients.) 


Most personal computers running recent operating 
system versions are already IPv6-ready. 


Many applications with network capabilities may not 
be ready, but can be upgraded with support from the 
developers. 


Java applications adhering to Java 1.4 (February 2002) 
standards have support for IPv6. 


Low-level equipment like network adapters and network 
switches may not be affected by the change because they 
transmit link layer frames without inspecting the contents. 


Networking devices that obtain IP addresses or perform 
routing based on the IP address do need IPv6 support. 


Most equipment can be made IPv6-capable with a soft- 
ware or firmware update if the device has sufficient stor- 
age and memory space for the new IPv6 stack — unless 
the manufacturer has new hardware rather than software 
or firmware updates available. 


If the equipment manufacturer is out of business or has 
no software updates available, or if the network stack is 
implemented in permanent read-only memory, you must 
replace the equipment in question. 


Types of equipment that are typically not IPv6-ready 
include: Voice over Internet Protocol devices, laboratory 
equipment, printers, cable modem servers, and cable 
modems. 
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Making the Shift to IPv6 








In This Chapter 


Adding addresses 
Triaging networking equipment 
Finding help when needed 


LH»: your plan in place is very important, but plans are 


no substitute for experience. Eventually you'll need to 
pull the trigger and implement your plan, and with IPv6 adop- 


tion that requires no small effort. 


In this chapter, we examine how to estimate the effort 


involved, get materials together, and start project tasks. And 
when you need more help, we give you some supportive infor- 


mation about that, too. 


Looking Ahead: Are Vou Behind? 


Because many IPv6 devices have been available for a while 
now and I[Pv4 addresses have nearly run out, it might seem 
that you’re so far behind the curve that making the change 
will be a significant interruption to your organization. 


Nothing could be further from the truth. Be assured that, with 


the proper planning, you’ll still be in the forefront of the cutover 


if you make the change soon. The fact is, you can accomplish 
IPv6 adoption with little or no impact to existing services. 


of the zones contained IPv6 glue records. Approximately 
1.4 million domains or 1 percent had IPv6 address records 
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in their zones. Of all the networks in the global BGP routing 
table, only 7.2 percent had IPv6 support as of that date. 


Mobile phones represent a major source of change in the IPv6 
space. All those phones are publically addressed, so they use 
up large numbers of IP addresses. Also, the change from 3G to 
AG is a big deal — 4G implements Voice over Internet Protocol 
(VoIP) service, which requires IPv6 in the mobile space. As 
carriers change, their entire networks must support IPv6. 


BitTorrent, Xbox Live, and other peer-to-peer technologies 
implement IPv6 in order to avoid the limitations created by NAT. 
([Pv4 uses NAT to cut down on the number of addresses used.) 


Every major operating system in current use supports IPv6. 
Microsoft Windows has supported it since XP/Windows 2000. 
Mac OSX, Linux, and BSD, all have full-featured, mature IPv6 
stacks. 


So the good news is that, since IPv6 was initially defined more 
than a decade ago, you probably have lots of IPv6-enabled 
software and hardware under your control already. More 
good news: Only a small fraction of global networks have 
deployed IPv6 to date. So you’re not really behind. 


The bad news is the longer you delay IPv6 adoption, the 
greater the risk to your organization for disruption and 
unforeseen costs. 


Getting IPv6 Addresses 


As with IPv4, distribution of IPv6 global unicast addresses 

is handled by the American Registry of Internet Numbers 
(ARIN). Although it used to be true that only Internet Service 
Providers could get IPv6 blocks, now the rules are such that 
anyone who is eligible for an IPv4 address allocation is like- 
wise eligible for an IPv6 address allocation. 


Allocation of IPv6 is covered in chapter six, section five of 
the Number Resource Policy Manual. (You might take a shot at 
reading it if you have trouble sleeping.) Essentially, it works 
the same as [Pv4. 


You can request an allocation of addresses if: 


™ You have a previous IPv4 allocation that is justified 
under current rules for IPv4. 
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You're presently set up to use both IPv4 and IPv6 with 
your current Anonymous System number. 


™ You can make a decent technical argument to ARIN fora 
deployment of numbers for your organization. (We can’t 
imagine many things that wouldn’t fall into this category. 
With so many more zeros in the number of available 
addresses, we think ARIN can afford to be gracious.) 


Making Use of Existing 
Equipment 


ar 


The next step after getting IPv6 address space is to determine 
how IPv6-ready you already are and what you need to work 

on. You'll have to work with vendors to decide what can be 
updated, what can be upgraded, and what needs to be replaced. 


You should check the life cycles of those devices that require 
updates or upgrades because your IT planning schedule might 
call for them to be replaced within the current budget or 

they may be scheduled for next year’s budget. In either case, 
replacement is a better choice than updating or upgrading 
anything with a limited lifespan. 


Modifying the Environment 
for IPv6 


You will probably need to change your network management 
and deployment tools to handle IPv6 addresses. If you have 
a network automation solution, you can easily generate the 
appropriate addresses, subnets, and VLANs for each router 
using a consistent numbering schema, and then generate the 
router configuration changes and deploy them. 


And if you’re planning to do these processes manually, per- 
haps it’s the appropriate moment to evaluate the time and 
cost savings an automated network management solution 
would provide. You can benefit from the automation and 
control in your current IPv4 network now and be much more 
ready for eventually implementing IPv6. 
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With each set of router configuration changes, running 
diagnostic and validation tests is critical to ensure that no 
adverse effects on the network will result from such changes. 
Troubleshoot and resolve any problems that occur before 
moving on to the next set of changes. 


Getting Help 


You could try to achieve an IPv6 implementation on your own. 
Reading this book is a good first step. But your chances of 
successfully implementing a seamless transition are greatly 
enhanced if you get help from people who have had substan- 
tial experience with IPv6 adoption. 


That’s where Infoblox comes in. Their specialists have the 
IPv6 adoption expertise to help you move your network to 
the next-generation protocol safely, swiftly, and without head- 
aches. And they do it with an eye toward minimizing operat- 
ing costs and support requirements. 


Infoblox stands ready to assist you with any or all of the 
phases of your IPv6 adoption journey: 


Implementation strategies: Infoblox helps you determine 
which strategies will best enable IPv6 in your network 
without disrupting your IPv4 network. 


Network evaluation: Infoblox helps you determine what 
your current network strengths and weakness are rela- 
tive to IPv6. 


 IPv6 deployment: Infoblox assists you in preparing your 
network for IPv6-readiness phase by phase, including 
helping you to make necessary configuration changes (as 
well as testing and troubleshooting new configurations), 
conducting pilot tests during each discrete deploy- 
ment throughout your enterprise, and shepherding you 
through all phases of your IPv6 adoption strategy. 


/ Post-adoption IPv6 optimization: Infoblox will also be 
with you after you accomplish significant IPv6 adoption 
to make sure that the network is running optimally and 
that any problems are addressed and solved as they 
happen (and sometimes even before they occur!). 
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Chapter 4 


Ten (Okay, Eleven} 
Questions About IPv6 
Answered 





In This Chapter 
Alleviating anxieties 
Transition technologies 
Taking the first step 


Pv6 is a seismic changeover that’s been a long time 

coming. This chapter discusses ten questions — plus a 
final big one — that we hear a lot, from anxieties about the 
cutover process to specialized transition technologies that 
can ease you though IPv6 adoption. The answers should help 
your thinking about IPv6 and its ramifications. 


What If We Aren’t Ready 
to Change? 


Reluctance to change is typical and understandable. The key 
to overcoming this reluctance is to identify what specifically 
is holding you back. For the subject at hand, most often it’s 

a lack of understanding of what’s involved in IPv6 adoption. 
Hopefully, this book will fill in many of those knowledge gaps. 
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But, remember: the longer you wait, the greater the risk to 
your organization’s business continuity, business agility, and 
even competitive advantage. 


Additionally, more and more of your business partners will 
be converting to IPv6 in the near future, thereby making it 
increasingly more difficult to communicate with them. And if 
you do business with governmental agencies, you’re already 
playing catch up. 


The Internet is moving forward with IPv6 adoption out of 
necessity, and organizations that delay will find themselves 
increasingly isolated and will incur greater costs and risks in 
trying to keep IPv4 viable. 


Where Do We Look for More 
Information (And Get Help)? 


Infoblox.com has a series of white papers and recorded web- 
casts to tell you more than you probably want to know about 
IPv6. Their IPv6 Center of Excellence offers an abundance 

of resources and insights, from the highly technical to the 
general overview. Surveys, methodologies, best practices, 
questions, and answers — you pick your area of interest, and 
Infoblox will help you expand your own expertise in all mat- 
ters [Pv6-related. 


How Wilt I1Pv6 Adoption Impact 
Our Software? 
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If you're writing line-of-business software that uses a contempo- 
rary delivery system (like a web server) or a contemporary net- 
work stack, the adoption of IPv6 probably won’t have an impact. 


On the other hand, if you’re using IP numbers for logging, 

you must take note of the increased space requirements. 

IPv6 numbers are 128 bits — four times larger than IPV4. If 
you're hard-coding IP addresses in your software, you need to 
change your code to use DNS names or pull the IP addresses 
from a more easily changeable place, like a database. 
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What Transition Options 
Are Available? 


Although IPv6 will fully supplant IPv4 eventually, total conver- 
sion for the entire world will take some time. In the interim, 
employ transition mechanisms to enable IPv6-only hosts to 
reach IPv4 services, and also to allow isolated IPv6 hosts 

and networks to reach the IPv6 Internet over the IPv4 
infrastructure. 


There are three principal IPv6 transition strategies that you 
can choose from, or you may want to adopt a combination. 
They include: tunneling, dual-stack, and translation (we dis- 
cuss these options in the following sections). As you decide 
among the three solutions, you should keep in mind: your 
current network environment, the amount of IPv4 address 
space you have, the amount of IPv6 traffic you expect to 
accommodate in the near future, and the availability of IPv6 
applications currently on your end systems, devices, and 
appliances. 


What Is Tunneling? 


Tunneling is a short-term IPv6 transition strategy. It encapsu- 
lates IPv6 traffic within IPv4 packets so they can be sent over 
an IPv4 backbone, and allows packets of IPv6 end systems and 
routers to communicate without the need to upgrade the con- 
necting infrastructure. 


In automatic tunneling, the routing infrastructure automati- 
cally determines the tunnel endpoints. In configured tunnel- 
ing, recommended for large and well-administered networks, 
the tunnel endpoints are explicitly configured one of three 
ways: manually by an administrator, or by the operating sys- 
tem’s configuration mechanisms, or by an automatic service 
called a tunnel broker. Automated tunneling is a compromise 
approach that combines the ease of use of automatic tunnel- 
ing and the deterministic behavior of configured tunneling. 
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What Is Dual-Stack? 
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A highly flexible strategy, dual-stack accommodates both IPv4 
and IPv6 packets across the network, necessitating that all 
network infrastructure devices operate both IPv4 and IPv6 
protocol stacks according to each one’s specific routing pro- 
tocols. Dual-stack is a long-term solution but not a permanent 
one, because eventually IPv4 will be tossed aside in favor 

of IPv6. 


Dual-stack is the most frequently recommended solution 

for enterprise networks because they’re likely to see traffic 

of both protocol types. Dual-stack is also recommended for 
companies that want to deploy IPv6 on their internal network 
infrastructures or that have IPv6-enabled devices provided 
by their employees or guests on their networks. Similarly, 
enterprises that are just getting started with IPv6 deployment 
or are instituting lab trials or demonstration projects should 
strongly consider a dual-stack strategy. 


You do need to have enough IPv4 address space for all your 
devices to do dual-stack. If a shortage of IPv4 addresses is 
driving you toward IPv6 now, this won’t be an option for you. 


What Is Translation? 


A comprehensive transition strategy, translation means both 
providing IPv6 communication end-to-end and translating 
intercommunication between the two protocols, either on the 
host or on the router, with an application-level decision about 
which protocol to employ. 


The eventual goal with IPv6 is to completely replace IPv4 
wherever possible, so translation should not be thought of 
as an end game. But the reality is that most organizations 
will have legacy devices that can’t be upgraded but will need 
to function over a TCP/IP network. Translation, then, func- 
tions both as a good short-term transition technology and a 
long-term means of supporting legacy systems that can’t be 
upgraded. 
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How Will This Change the 
Network Infrastructure? 


Although IPv6 deployment will reach out and touch every 
corner of your organization that has any connection to IT, 
both physical or virtual — including laptops, desktops, mobile 
devices, printers, applications, VPNs, WANs, sensors, control- 
lers, cloud connections, and so on — the network infrastruc- 
ture is priority one. The greatest impact of the advent of IPv6 
will be at the network infrastructure level. 

gs 
Your network infrastructure will have to adapt to IPv6, 

eventually. 


What Are the Security 
Risks for 1Pv6? 


Some implementation strategies have security considerations. 
Tunneling is an example. When using tunnels, the IPv6 traffic 
is encapsulated in a single flow between networks, making it 
hard to differentiate between traffic flows or to take actions 
based on the real source and destination address. Security 
processing for IPv6 moves from the network perimeter to the 
IPv6 gateway, bypassing the firewalls and access control lists. 
Attacks using 6in4 tunnels to get through a firewall have been 
reported. 


grt TU Also, the stateless address auto configuration (GSLAAC) of IPv6 

Ry 1G can create a threat for outbound security because it reduces 

my \] the strength of a perimeter security model. Although some 
argue that NAT creates security by hiding internal addresses, 
the Internet engineering community considers that logic 
weak. Devices can trigger updates directly to the Dynamic 
Domain Name System rather than limited updates to a trusted 
server. Policies can eliminate these threats, but at a cost to 
ease of operations. 
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Should We Convert Our Whole 
Enterprise at Once? 


You should adopt a phased deployment, starting with those 
areas of your enterprise that are easiest to integrate and will 
present the least complex deployment, especially focusing on 
the most independent components of your organization. 


In this phased approach, you should complete each phase 
fully — including component reconfiguration, partial deploy- 
ment, testing, troubleshooting, and a repeat of those steps 
until full implementation for that phase is achieved — before 
moving on to the next phase. 


How Do We Take 
the First Steps? 


Actually, reading this book was a good first step. You should 
ask others who will be making the IPv6 adoption journey with 
you to review its contents, too. Remember, making a change in 
a transport protocol is not a one-person job. You need help — 
lots of it. Start with those you work with, and then reach out 
to vendors, suppliers, your Internet provider, and anyone who 
has anything to do with your network. 


Specialists at Infoblox would be happy to discuss ways they 
can help you begin to move your organization through the 
cutover process. They can assist you with transition strate- 
gies, network assessments, and any questions you may have 
about IPv6. 
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Leverage Automation 


Simplify IPv6 Deployments 








Manage Dual Stack IPv4-IPv6 Networks 
Eliminate Spreadsheets for Managing IP Address Space 
Synchronize IP Address Management with DNS & DHCP in Real-time 
Provide Integrated IPv6 DNS, DNS64, & DHCPv6 Services 


VVAVIVAVAVA Dan ke)elce),erece) eal 


© 2012 Infoblox Inc. All rights reserved. 








Understand how to migrate 
your organization to IPv6 


Open the book and find: 


IPv6, or Internet Protocol version 6, is the newest 
way that Internet devices talk to each other. It’s 

a set of international communications rules that 
specifies the way small packets of data are routed 
across networks. Understanding IPv6 is important 
because migrating your organization to IPv6 is no 
trivial task. Aside from knowing what’s going on 
under the hood, you’re going to want insight on 
methodology, device selection, and testing. This 
book will help. 


e [Pv6 basics — more and more people and 
devices are connecting to the Internet every 
day, which is why a new addressing system 
is necessary 


e Planning to change — when you switch from 
one protocol to another, it’s better to have a 
plan in place 


e Making the change — figure out where you 
stand and how much of your equipment is 
good to go 


Go to Dummies.com:’ 
for videos, step-by-step examples, 
how-to articles, or to shop! 





